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DETAILED ACTION 

Response to Amendment 

This office action is in response to amendment filed on 12/09/05. Applicant added 
Claims 40 and 41, and amended Claims 1 and 20. The amendment filed on 12/09/05 have been 
entered and made of record. Therefore, presently pending claims are 1-4, 7-23, and 25-41. 

Response to Arguments 

Applicant's arguments filed 12/09/05 have been fully considered. 

Applicant argued Challener does not disclose or suggest the use of secret sharing to 
control keyholder access to a mapping module. This is not found persuasive. Challener 
discloses performing secret sharing module in the user PC. Wherein the definition of the 
limitation, "performing secret sharing to control keyholder access to the mapping module," as 
being controlling access to the secrets, shared by the secret sharing module, the mapping module 
that possess the key. Then the user PC performs secret sharing to control keyholder access to the 
mapping module by encrypting the ballot and only allowing access to the authentication server 
(mapping module) who posses the key to decrypt the encrypted information. Assuming the 
Challener did not discloses the secret sharing module. When defining the limitation, 
"performing secret sharing to control keyholder access to the mapping module," as only allowing 
access to the shared secrets of the mapping module to those that posses a key. Then the newly 
cited reference Mital discloses a system with a secret sharing module corresponding to the 
secured technology module; the mapping module corresponds to the Central Host; and the secret 
is the encrypted GSO/PI packet wherein only those the possess the correct key can decrypt the 
encrypted data. 
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In reference to the definition of "working data identifier set domain," the applicant argues 
that page 12, line 25 through page 13, line 3, contains the definition of "working data identifier 
set domain," however, the examiner does not find a definition in the indicated section. As a 
result the definition will remain as disclosed below in the rejection. 

Claim Rejections - 35 USC § 103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 1-2, 7-8, 16-19, 20-21, 25-26, 34-37 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Challener (6,081,793) in view of Mital (5,903,652). 

In reference to claims I and 20, a communication module for establishing a 
communication connection between a sender of one working data identifier set domain and a 
receiver in a different working data identifier set domain (Fig. 1); a mapping module coupled to 
the communication module for anonymously mapping working data of the one working data 
identifier set domain to working data of the different working data identifier set domain, the 
working data having (i) a research data portion and (ii) an identifier portion related to identifying 
persons associated with the research data portion (column 7 lines 1-37), the mapping module 
mapping the identifier portion of the working data in the one working data identifier set domain 
to the identifier portion of the working data in the different working data identifier set domain 
such that the working data transmitted to the authorized receiver is anonymous data, while 
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leaving the research data portion unmapped by the anonymous mapping of the identifier portions 
(authentication server Fig. 7 and column 7 lines 50-67); and a secret sharing module for 
performing secret sharing to control key holder access to the mapping module (parts 379, 391, 
439 Fig. 7); the apparatus communicating between parties comprising at least the sender (part 
225 Fig. 1 A) and the receiver (part 229 Fig. 1 A) in at least two different working data identifier 
set domains (column 7 lines 38-67 in combination with column 8 lines 45-52). 

The applicant does not define working data identifier set domain. The definition of 
working data identifier set domain is data that devices process that are divided into sets. 
Although Challener does not describe that data that is processed by the authentication server and 
the results server as working data identifier set domain, the data sets that the authenticator and 
the results server process are different sets of data. The authenticator processes that 
identification data and the results server processes that ballot. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to describe the data processed by the authentication server and the results server of 
Challener as working data identifier sets. One of ordinary skill in the art would have been 
motivated to do this because the data revealed to the different servers in system of Challener is 
separated by encryption so that the voter cannot be identified from their ballot (column 10 line 
51-67). 

Although Challener discloses transmitting anonymously mapped identifier portion and 
the unmapped research data portion of the working data to the receiver, the mapping module of 
Challener is not capable of accessing both the identifier portion and the research data portion of 
the working data. 
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Mital discloses a system wherein the communication module is capable of transmitting 
both the anonymously mapped identifier portion and the unmapped research data portion of the 
working data to the receiver (column 7 line 65 column 8 line 14). The system of Mital further 
discloses that the mapping module is capable of accessing both the identifier portion and the 
research data portion of the working data (column 27 lines 54-61). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to make the mapping module capable of accessing both the identifier portion and 
the research data portion of the working data as in Mital and therefore allowing the viewing of 
data, but disallowing access using encryption in the system of Challener. One of ordinary skill in 
the art would have been motivated to do this because it would provide access to portions of 
information that are required by specific users while denying access by use of encryption to data 
that requires hiding from certain users. 

In reference to claims 2 and 21, a system is disclosed wherein the research data portion 
of the working data includes personal data of individuals (column 7 lines 1-10 and 55-60). 

In reference to claims 7 and 25, Challener discloses permanent storage means for storing 
data in a tamper-proof manner (Fig. 1C and Fig. 7). 

In reference to claims 8 and 26, wherein the permanent storage means encrypts non- 
queried parts of the data, said encryption using an encryption key, and the secret sharing module 
storing the encryption key (part 377 Fig. 7). 

In reference to claims 16 and 34, wherein connection of the sender and receiver are 
respectively one of a software implementation and a human being. 
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Although Challener discloses the sender being a software implementation (authentication 
server has software running on it), Challener does not disclose the receiver being a human being 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to send the ballots of Challener to a human being. One of ordinary skill in the art 
would have been motivated to do this because the human being would have interest in the results 
of the ballot for voting purposes. 

In reference to claims J 7 and 35, wherein connection of the sender and receiver is in 
respective different sessions. 

Although Challener discloses the sender and the receiver viewing different forms of the 
information, Challener does not expressly disclose the sender and the receiver connection is in 
respectively different sessions 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to connect the receiver and sender in different session. One of ordinary skill in the 
art would have been motivated to do this because the receiver is interested in the result of the 
ballot and therefore connection of the receiver is advantages after the voting has occurred and 
therefore in a separate session. 

In reference to claims 18 and 36, wherein the communication module further enables 
communication connection by a supervisor in addition to the sender and receiver (part 227 Fig. 
1A). 

In reference to claims 19 and 37 wherein the communication connection by the 
supervisor enables remote operation of the apparatus by the supervisor (Fig. 1C). 



Application/Control Number: 09/808,720 Page 7 

Art Unit: 2135 

Claims 3-4, 9-12, 22-23, 27-30 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Challener as applied to claims 1 and 20 above, and further in view of Schneier. 

In reference to claims 3 and 22, Challener discloses encrypting working data transmitted 
over the channel (Fig. 1), However Challener does not disclose authenticating the sender and 
receiver, resulting in an authorized sender and authorized receiver. 

Schneier discloses a method of mutual authentication using the SKID, so that the sender 
and receiver know that they are talking to each other (page 54-57). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use mutual authentication as in Schneier in the system of Challener. One of 
ordinary skill in the art would have been motivated to do this because the sender and receiver 
would be assured that they are talking to each other. 

In reference to claim 4 and 23, a system is disclosed wherein the mapping module 
employs encryption in the mapping of working data in the domain to working data in the 
different domain such that the working data transmitted to the authorized receiver is anonymous 
data (column 6 lines 14-59). 

In reference to claims 9 and 27, Challener does not expressly disclose a system wherein 
the permanent storage means employs digital signatures on queried parts of the data to detect 
changes in data and thereby prevent tampering. 

Schneier discloses a system of blind signatures where the document is signed and the 
person does not know what they are signing (pages 112-114). Digital signatures are used to 
detect changes in the data. 
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At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use blind signatures as in Schneier in the system of Challener. One of ordinary 
skill in the art would have been motivated to do this because the person that signed the document 
can verify that they signed it, but will not know the contents of the document. 

In reference to claims 10 and 28, Challener discloses the concatenation of the encryption 
key and data (column 5 lines 42-54), however Challener does not disclose digital signature is 
formed from a message digest. 

Schneier discloses generating a message digest using a one-way hash and then signing 
the message digest (pages 38-39). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to sign a message digest as in Schneier in the system of Challener. One of 
ordinary skill in the art would have been motivated to do this because it is a increases the speed 
of signing documents. 

In reference to claims 11 and 29, Challener does not disclose a system wherein the 
permanent storage means maintains a summary measure of stored data 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to maintain a summary measure of stored data in the system of Challener. One of 
ordinary skill in the art would have been motivated to do this because it enable the reconstruction 
of data in the case of corruption of the original. 

In reference to claims 12 and 30, Challener does not disclose a system wherein said 
summary measure has a respective digital signature. 
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At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to maintain a summary measure of stored data that has a digital signature in the 
system of Challener. One of ordinary skill in the art would have been motivated to do this 
because it would enable the detection of changes to the summary measure. 

Claims 13-15, 31-33, and 38 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Challener as applied to claims 1 and 20 above, and further in view of Ansell et al 
(6,151,631). 

In reference to claims 13 and 31, Challener does not expressly disclose storing a mapping 
table having cross-references between identifier portions of working data of the two domains 

However Ansell discloses storing a mapping table (fig. 13 part 1306), the mapping table 
having cross-references between identifier portions of data of different domains (fig. 13 parts 
1302 and 1304) 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to maintain mapping tables as in Ansell in the system of Challener. One of 
ordinary skill in the art would have been motivated to do this because a mapping table organizes 
the information in a convenient manner 

In reference to claims 14, 32, and 38, Challener does not disclose a system wherein the 
mapping module stores a mapping table for plural domains, the mapping table being formed of 
(i) an index section and (ii) a working reference section, the index section indicating identifier 
portion of working data in a first subject domain and the working reference section indicating 
corresponding identifier portion in a second domain, the working reference being encrypted, 
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such that the mapping module performs decryption on a part of the mapping table to determine 
usable cross reference of the working data. 

However Ansell discloses a system wherein the mapping module stores a mapping table 
for plural domains (Fig. 13 part 1306), the mapping table being formed of (i) an index section 
and (ii) a working reference section, the index section indicating identifier portion of working 
data in a first subject domain and the.working reference section indicating corresponding 
identifier portion in a second domain, the working reference being encrypted, such that the 
mapping module performs decryption on a part of the mapping table to determine usable cross 
reference of the working data (Fig. 3). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to maintain mapping tables as in Ansell in the system of Challener. One of 
ordinary skill in the art would have been motivated to do this because a mapping table organizes 
the information in a convenient manner. 

In reference to claims 15 and 33, Challener does not disclose a system wherein the 
mapping module maps working data among plural domains. 

Ansell disclose a system wherein the mapping module maps working data among plural 
domains (Fig. 13 part 1306). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to maintain mapping tables as in Ansell in the system of Challener. One of 
ordinary skill in the art would have been motivated to do this because a mapping table organizes 
the information in a convenient manner. 
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Claim 39 is rejected under 35 U.S.C 103(a) as being unpatentable over Challener as 
applied to claim 1 above, and further in view of Coss et al (EP 0 909 074 Al). 

Challener discloses a system with a secure container (part 30 in Fig. 1); a computer 
system executing the communication module and the mapping module (part 30 in Fig. 1). 

However Challener does not disclose a firewall coupled to the computer system, the 
firewall being housed by the secured container so as to provide tamper-proof hardware. 

Coss discloses a system with a firewall with the capability for supporting multiple 
domains (Page 4 paragraph 0025). Firewalls include tamper-proof hardware by definition. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to include a firewall capable of supporting multiple domains as in Coss in the 
system of Challener. One of ordinary skill in the art would have been motivated to do this 
because firewalls prevent unauthorized access in computer networks. 



Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Paula W. Klimach whose telephone number is (571) 272-3854. 
The examiner can normally be reached on Mon to Thr 9:30 am to 5:30 p.m. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on (571) 272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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